Lucene search
K

27 matches found

The Hacker News
The Hacker News
added 2024/07/05 8:40 a.m.16 views

GootLoader Malware Still Active, Deploys New Versions for Enhanced Attacks

The malware known as GootLoader continues to be in active use by threat actors looking to deliver additional payloads to compromised hosts. "Updates to the GootLoader payload have resulted in several versions of GootLoader, with GootLoader 3 currently in active use," cybersecurity firm Cybereason...

7.4AI score
Exploits0
Trellix
Trellix
added 2023/10/05 12:0 a.m.56 views

Storm-0324: An access for the RaaS Threat Actor (Sangria Tempest)

Storm-0324 to Sangria Tempest Leads to Ransomware Capabilities By Gurumoorthi Ramanathan · October 5, 2023 Executive Summary: In early July 2023, the threat actor that Microsoft calls “Storm-0324” was observed sending a phishing message through Microsoft Teams. Storm-0324 is a financially motivat...

8.2AI score0.12107EPSS
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/09/12 5:0 p.m.75 views

Malware distributor Storm-0324 facilitates ransomware access

The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginnin...

4.1CVSS7.3AI score0.12107EPSS
Exploits0
The Hacker News
The Hacker News
added 2023/02/09 10:38 a.m.23 views

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors...

0.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/02/09 10:38 a.m.3 views

Gootkit Malware Adopts New Tactics to Attack Healthcare and Finance Firms

The Gootkit malware is prominently going after healthcare and finance organizations in the U.S., U.K., and Australia, according to new findings from Cybereason. The cybersecurity firm said it investigated a Gootkit incident in December 2022 that adopted a new method of deployment, with the actors...

6.8AI score
Exploits0
Trellix
Trellix
added 2023/02/08 12:0 a.m.12 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc and Max Kersten · February 08, 2023 Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique. Malicious macros in...

7.8AI score
Exploits0
Trellix
Trellix
added 2023/02/08 12:0 a.m.9 views

No More Macros? Better Watch Your Search Results!

No More Macros? Better Watch Your Search Results! By Pham Duy Phuc · February 08, 2023 This blog was also written by Max Kersten Threat actors often rely on the same techniques until their hand is forced, usually due to defensive changes or chance-based opportunities, to leverage a new technique...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/29 5:47 a.m.2 views

Gootkit Malware Continues to Evolve with New Components and Obfuscations

The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565 , noting that the usage of the malware is...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/29 5:47 a.m.53 views

Gootkit Malware Continues to Evolve with New Components and Obfuscations

The threat actors associated with the Gootkit malware have made "notable changes" to their toolset, adding new components and obfuscations to their infection chains. Google-owned Mandiant is monitoring the activity cluster under the moniker UNC2565, noting that the usage of the malware is...

1.3AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/27 11:53 a.m.2 views

Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems. "This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Window...

7.1AI score
Exploits0
hivepro
hivepro
added 2023/01/15 6:10 p.m.20 views

GootKit Loader is targeting organizations in the Australian healthcare industry

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary Gootkit, also known as Gootloader, is a type of malware known for being used in advanced persistent threat APT campaigns. Recently, it has been discovered to be targeting organizations in the Australian...

2.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/11 2:24 p.m.37 views

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization SEO poisoning tactics aka spamdexing for initial access. It typically...

1.7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/11 2:24 p.m.2 views

Australian Healthcare Sector Targeted in Latest Gootkit Malware Attacks

A recent wave of Gootkit malware loader attacks has targeted the Australian healthcare sector by leveraging legitimate tools like VLC Media Player. Gootkit, also called Gootloader, is known to employ search engine optimization SEO poisoning tactics aka spamdexing for initial access. It typically...

7.1AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/01/09 12:0 a.m.10 views

Gootkit Loader Actively Targets Australian Healthcare Industry

We analyzed the infection routine used in recent Gootkit loader attacks on the Australian healthcare industry and found that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player...

3.2AI score
Exploits0
The Hacker News
The Hacker News
added 2022/08/01 4:51 a.m.44 views

Gootkit Loader Resurfaces with Updated Tactic to Compromise Targeted Computers

The operators of the Gootkit access-as-a-service AaaS malware have resurfaced with updated techniques to compromise unsuspecting victims. "In the past, Gootkit used freeware installers to mask malicious files; now it uses legal documents to trick users into downloading these files," Trend Micro...

0.2AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/07/27 12:0 a.m.18 views

Gootkit Loader’s Updated Tactics and Fileless Delivery of Cobalt Strike

Gootkit has been known to use fileless techniques to drop Cobalt Strike and other malicious payloads. Insights from a recent attack reveal updates in its tactics...

2.7AI score
Exploits0
Securelist
Securelist
added 2021/06/07 12:0 p.m.133 views

Gootkit: the cautious Trojan

Gootkit is complex multi-stage banking malware that was discovered for the first time by Doctor Web in 2014. Initially it was distributed via spam and exploits kits such as Spelevo and RIG. In conjunction with spam campaigns, the adversaries later switched to compromised websites where the visito...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/03 12:56 p.m.35 views

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

Cybercriminals are now deploying remote access Trojans RATs under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Tal...

7.8AI score
Exploits0
ThreatPost
ThreatPost
added 2021/03/01 9:23 p.m.184 views

Malware Loader Abuses Google SEO to Expand Payload Delivery

The Gootloader malware loader, previously used for distributing the Gootkit malware family, has undergone what researchers call a “renaissance” when it comes to payload delivery. New research released this week paints Gootloader as an increasingly sophisticated loader framework, which has now...

6.9AI score
Exploits0References13
The Hacker News
The Hacker News
added 2021/03/01 2:18 p.m.6 views

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

A framework notorious for delivering a banking Trojan has received a facelift to deploy a wider range of malware, including ransomware payloads. "The Gootkit malware family has been around more than half a decade – a mature Trojan with functionality centered around banking credential theft," Soph...

5.9AI score
Exploits0
Rows per page
Query Builder